Re: [Samba] Internal LDAP problem

[Luis Angel Fernandez Fernandez]

I keep dealing with this issue and now I launched samba this way:

 /usr/local/samba/sbin/samba -s /usr/local/samba/etc/smb.conf -l
/var/log/samba/ -i -M single -d5

And when I try to change the password for  CN=celia.centeno,OU=alisys.net
,OU=dominios,DC=aliratiun,DC=tic this is what I see in logs:

Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
Got NTLMSSP neg_flags=0xe2088297
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_NEGOTIATE_OEM
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_LM_KEY
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
  NTLMSSP_NEGOTIATE_56
Got user=[Administrator] domain=[] workstation=[NOMADA29] len1=24 len2=268
auth_check_password_send: Checking password for unmapped user
[]\[Administrator]@[NOMADA29]
map_user_info_cracknames: Mapping user []\[Administrator] from workstation
[NOMADA29]
auth_check_password_send: mapped user is:
[ALIRATIUN]\[Administrator]@[NOMADA29]
auth_get_challenge: returning previous challenge by module random (normal)
[] 97 82 6D 69 6E FA 71 B7..min.q.
ntlm_password_check: Checking NTLMv2 password with domain []
authsam_account_ok: Checking SMB password for user Administrator
logon_hours_ok: No hours restrictions for user Administrator
auth_check_password_recv: sam_ignoredomain authentication for user
[ALIRATIUN\Administrator] succeeded
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0xe2088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
  NTLMSSP_NEGOTIATE_56
ldb: Added timed event ltdb_callback: 0xa9fe958
ldb: Added timed event ltdb_timeout: 0xb24ebe0
ldb: Destroying timer event 0xb24ebe0 ltdb_timeout
ldb: Ending timer event 0xa9fe958 ltdb_callback

[... Many of those ...]
BAD SIG NTLM2: wanted signature of
[] 01 00 00 00 82 A3 B0 6E   D2 87 8B B6 00 00 00 00   ...n 
BAD SIG: got signature of
[] 01 00 00 00 02 0C A7 DE   7E 39 C6 8D 00 00 00 00    ~9..
NTLMSSP NTLM2 packet check failed due to invalid signature!
ldb_request BASE
dn=CN=celia.centeno,OU=alisys.net,OU=dominios,DC=aliratiun,DC=tic
filter=(objectClass=*)
ldb_request BASE
dn=CN=celia.centeno,OU=alisys.net,OU=dominios,DC=aliratiun,DC=tic
filter=(objectClass=*)
ldb_request BASE
dn=CN=celia.centeno,OU=alisys.net,OU=dominios,DC=aliratiun,DC=tic
filter=(objectClass=*)
dreplsrv_notify_schedule(5) scheduled for: Wed Feb  6 16:52:00 2013 CET
dreplsrv_notify_schedule(5) scheduled for: Wed Feb  6 16:52:05 2013 CET
dreplsrv_notify_schedule(5) scheduled for: Wed Feb  6 16:52:10 2013 CET
smbsrv_accept
Shutdown SMB signing
switch message SMBnegprot (task_id 0.88)
Requested protocol [0][PC NETWORK PROGRAM 1.0]
Requested protocol [1][LANMAN1.0]
Requested protocol [2][Windows for Workgroups 3.1a]
Requested protocol [3][LM1.2X002]
Requested protocol [4][LANMAN2.1]
Requested protocol [5][NT LM 0.12]
Requested protocol [6][SMB 2.002]
Requested protocol [7][SMB 2.???]
ldb: Added timed event ltdb_callback: 0xa723468

ldb: Added timed event ltdb_timeout: 0xa8d7430

ldb: Destroying timer event 0xa8d7430 ltdb_timeout

ldb: Ending timer event 0xa723468 ltdb_callback

Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
using SPNEGO
Selected protocol [5][NT LM 0.12]
switch message SMBsesssetupX (task_id 0.88)
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
Got NTLMSSP neg_flags=0xe2088297
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_NEGOTIATE_OEM
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_LM_KEY
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
  NTLMSSP_NEGOTIATE_56
switch message SMBsesssetupX (task_id 0.88)
Got user=[Administrator] domain=[] workstation=[NOMADA29] len1=24 len2=268
auth_check_password_send: Checking password for unmapped user
[]\[Administrator]@[NOMADA29]
map_user_info_cracknames: Mapping user []\[Administrator] from workstation
[NOMADA29]
auth_check_password_send: mapped user is:
[ALIRATIUN]\[Administrator]@[NOMADA29]
auth_get_challenge: returning previous challenge by module random (normal)
[] 12 BC E9 A7 F8 30 02 D1.0..
ntlm_password_check: Checking NTLMv2 password with domain []
authsam_account_ok: Checking SMB password for user Administrator
logon_hours_ok: No hours restrictions for user Administrator
auth_check_password_recv: sam_ignoredomain authentication for user
[ALIRATIUN\Administrator] succeeded
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0xe2088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  

Re: [Samba] Internal LDAP problem

[Luis Angel Fernandez Fernandez]

I forgot to mention I'm using Samba 4.0.0.

I'd appreciate any help here since I can't figure it out and I don't know
where else I can look at.


2013/2/4 Luis Angel Fernandez Fernandez laff...@gmail.com

   Hi!

   I'm trying to use the internal LDAP provided by Samba4 to store mail
 domains used by SOGo. I have two sets of users. Those used by Samba and
 created through samba-tool and those created under some ou I have made
 up. A few days ago I was able to change the latter users passwords using
 ldapadmin (a windows LDAP client) but today I am not. When I try to
 change a password I get an error message like RPC server unavailable.

   And I have another problem with LDAP. I have to use ldapadmin to change
 users' password because ldappasswd gives me this error:

 ldappasswd -d4 -h 192.168.0.137 cn=juan.lapuerta,ou=alisys.net
 ,dc=aliratiun,dc=tic
 ldap_build_search_req ATTRS: supportedSASLMechanisms
 SASL/GSSAPI authentication started
 SASL username: administra...@aliratiun.tic
 SASL SSF: 56
 SASL data security layer installed.
 Result: Protocol error (2)
 Additional info: Extended Operation(1.3.6.1.4.1.4203.1.11.1) not supported

   But I think I read somewhere that that extended operation is supported.

   Thanks in advance.

   Regards,

 --
 Linkedin profile (http://es.linkedin.com/in/lafdez)
 G+ profile (https://plus.google.com/u/0/115320207805121303027/about)
 Twitter (@lafdez @_lafdez_)
 Identi.ca (@lafdez)




-- 
Linkedin profile (http://es.linkedin.com/in/lafdez)
G+ profile (https://plus.google.com/u/0/115320207805121303027/about)
Twitter (@lafdez @_lafdez_)
Identi.ca (@lafdez)
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Internal LDAP problem

[Luis Angel Fernandez Fernandez]

  Hi!

  I'm trying to use the internal LDAP provided by Samba4 to store mail
domains used by SOGo. I have two sets of users. Those used by Samba and
created through samba-tool and those created under some ou I have made
up. A few days ago I was able to change the latter users passwords using
ldapadmin (a windows LDAP client) but today I am not. When I try to
change a password I get an error message like RPC server unavailable.

  And I have another problem with LDAP. I have to use ldapadmin to change
users' password because ldappasswd gives me this error:

ldappasswd -d4 -h 192.168.0.137 cn=juan.lapuerta,ou=alisys.net
,dc=aliratiun,dc=tic
ldap_build_search_req ATTRS: supportedSASLMechanisms
SASL/GSSAPI authentication started
SASL username: administra...@aliratiun.tic
SASL SSF: 56
SASL data security layer installed.
Result: Protocol error (2)
Additional info: Extended Operation(1.3.6.1.4.1.4203.1.11.1) not supported

  But I think I read somewhere that that extended operation is supported.

  Thanks in advance.

  Regards,

-- 
Linkedin profile (http://es.linkedin.com/in/lafdez)
G+ profile (https://plus.google.com/u/0/115320207805121303027/about)
Twitter (@lafdez @_lafdez_)
Identi.ca (@lafdez)
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba